CVE-2007-2295

2007-04-2620:19:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2007-2295

information security

buffer overflow

apple quicktime

h.264 mov file

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.555 Medium

EPSS

Percentile

97.7%

JSON

Heap-based buffer overflow in the JVTCompEncodeFrame function in Apple Quicktime 7.1.5 and other versions before 7.2 allows remote attackers to execute arbitrary code via a crafted H.264 MOV file.

Affected configurations

NVD

Node

applequicktimeMatch7.1

applequicktimeMatch7.1.1

applequicktimeMatch7.1.2

applequicktimeMatch7.1.3

applequicktimeMatch7.1.4

applequicktimeMatch7.1.5

CPENameOperatorVersion
apple:quicktimeapple quicktimeeq7.1
apple:quicktimeapple quicktimeeq7.1.1
apple:quicktimeapple quicktimeeq7.1.2
apple:quicktimeapple quicktimeeq7.1.3
apple:quicktimeapple quicktimeeq7.1.4
apple:quicktimeapple quicktimeeq7.1.5

CPE	Name	Operator	Version
apple:quicktime	apple quicktime	eq	7.1
apple:quicktime	apple quicktime	eq	7.1.1
apple:quicktime	apple quicktime	eq	7.1.2
apple:quicktime	apple quicktime	eq	7.1.3
apple:quicktime	apple quicktime	eq	7.1.4
apple:quicktime	apple quicktime	eq	7.1.5